blackmoon | d803f8885aa048d183b6998eaf772219b5fc2c5d0274473a88d6901ea322a1a9 | Triage

Sharing

General

Target

d803f8885aa048d183b6998eaf772219b5fc2c5d0274473a88d6901ea322a1a9
Size

78KB
MD5

cdf7960f31c9afbd4f8a9123a6ad5e99
SHA1

53cbc0b8fd2c53db181464870179cfcf5b630c32
SHA256

d803f8885aa048d183b6998eaf772219b5fc2c5d0274473a88d6901ea322a1a9
SHA512

0a5cb9db28d05e59264d421a507ec0da433312ac15cbf79571adfb40319b0c9e595eb108c4cdf044dac96db03571d6c5984c64c2e2115957dd70edc23b225e59
SSDEEP

1536:Kp4OboF0htdabY+HD/1k7BFW0HOxPlHXrcwbtWVMav4fcSHbZtx:KeOboF0htdabYU+BYzxPlHXYwbtWVRvy

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d803f8885aa048d183b6998eaf772219b5fc2c5d0274473a88d6901ea322a1a9

Files

d803f8885aa048d183b6998eaf772219b5fc2c5d0274473a88d6901ea322a1a9
.exe windows:4 windows x86 arch:x86

cfba4159984f57884ee6bf80e7658517

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResetEvent
WriteFile
WaitForSingleObject
CancelIo
ReadFile
LocalAlloc
LocalFree
lstrcpyn
GetProcessHeap
GetModuleHandleA
ExitProcess
CreateEventA
HeapReAlloc
HeapFree
IsBadReadPtr
Sleep
GetCommandLineA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
CloseHandle
HeapAlloc
CreateFileA
GetTickCount

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA

msvcrt

sprintf
atoi
_ftol
free
malloc
strrchr
strchr
modf
realloc
??3@YAXPAX@Z
memmove
strncmp
__CxxFrameHandler
_CIfmod

user32

TranslateMessage
GetMessageA
PeekMessageA
DispatchMessageA
GetSystemMetrics
wsprintfA
MessageBoxA

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ